Your data belongs to you and you control your data. Sharing data with us and consenting to us processing your personal data enable us to offer you the best possible orthopedic trainng support.

Vivira Privacy Statement

As of November 21st, 2018

The protection of your data and your privacy are very important to us. We’re aware of the sensitive character of your health information. Therefore, the legislator refers to certain health data as “special personal data”. Such data is in particular need for protection.

At Vivira, we collect as little of your personal data as possible and protect it by the highest technical standards. This Privacy Statement explains in detail how we do this.

Which questions does our Privacy Statement answer?

1. Why does Vivira collect, process and use your data? 2. How does Vivira handle your data? 3. Which data do we collect? 4. How do we process your data? 5. How long do we store your data? 6. Whom do we transfer your data to? 7. How can you share your data with healthcare providers? 8. Where do we store your data and how do we protect it? 9. Which third-party tools do we use? 10. How can you delete personal data that has been stored by Vivira? 11. How can you access your data? 12. Which other rights do you have as a user? 13. What happens in case of a change to this privacy statement?

1. Why does Vivira collect, process and use your data?

Vivira pursues the objective to support your orthopedic training in the best possible way by providing you with personalised, medically developed and validated programs, e.g. to complement conservative medical and therapeutic treatment, for surgery prevention, preparation for surgery, inpatient rehabilitation, outpatient rehabilitation, and for further training thereafter.

We’d like to support you as you take on your recovery and physical development in addition to traditional treatment. Enabling you to become as self-determined and independent as possible outside of clinics and practices. To find your way back to everyday life in which you’re able to handle daily activities with physical function and as little pain as possible, as quickly as possible.

Furthermore, Vivira supports medical research and healthcare research by providing the research with collected, processed, and completely anonymized data.

The data that we collect, process and use pursues these objectives exclusively.

2. How does Vivira handle your data?

Vivira Health Lab GmbH (“Vivira”) is located at Kurfürstendamm 54/55, 10707 Berlin, Germany. Vivira collects and processes your personal data in connection with the ViviraApp (“App”) and the website www.vivira.com (“Website”). We’re “responsible” according to German Basic Regulation on Data Protection (Deutsche Datenschutz-Grundverordnung – “DSGVO”), which is in line with European Data Protection Law.

We process your data only to the extent necessary for the provision of the Vivira services requested by you, as long as you consent to the processing, or if we’re authorized to do so by data protection laws. For the processing of your health data, we separately ask for your consent. You can consent e.g. by activating the content slider. We will keep a record of your consent.

Any requests can be sent to support@vivira.com at any time. For further information regarding our company, see www.vivira.com. You may also address questions to our data protection officer: mpP Group, yourprivacyfirst; Mike Peter, data protection expert; e-Mail: hello@yourprivacyfirst.de

3. Which data do we collect?

Personal data is especially protected by law. Such data refers to information that refers to an identified or identifiable person.

With the exception of your email address, we do not collect any data that allows direct identification of your person. Nevertheless, strictly confidential handling of all your data is of great importance to us. Therefore, we treat all data according to the same rules that also apply to processing your personal data.

You’re not obliged to share personal data with us. Likewise, the use of our App and related services are voluntary. However, in case you do not wish to share necessary data with us, we’re unable to provide you with the services described in our terms and conditions.

Health data

Vivira consists of four main features, in each of which health data is collected. The collection of the data is required for serving the purpose of Vivira and for providing the services as described in our terms and conditions. The four main features are:

During the activation process you may, where applicable, use a voucher with an activation code.

You can select your preferred Vivira program during onboarding.

You will, in addition, receive general information about Vivira during activation and onboarding. You will also be asked questions that are necessary for the generation of your personal training program: about your demography (e.g., gender, age), your health condition (e.g., where you’re experiencing pain and how strong the pain was lately), and possible ongoing treatment (e.g., if you’re in physiotherapy treatment and if you’re taking pain medication).

By voluntarily registering a Vivira user account, you will be able to use our full functionality. With your user account, you can be authenticated and can continue to use your program at all times, also when logging in after an earlier logout, deletion and reinstallation of the App (though not after deletion of your data), as well as when using multiple devices. Registration also allows your data to be saved and enables you to give feedback to Vivira and to get user support at any time.

During registration, you will be asked for your email address and asked to define a personal password. This enables us to set up and protect your account. Your registration may be completed with a pseudonymous email address.

Disclosure of your email address qualifies all data collected, processed and used by Vivira qualifies as “special personal data” pursuant to the DSGVO. It is protected accordingly as such.

to b)

The voluntarily movement test enables you to periodically visualize the condition of your musculoskeletal system and its functionality. The movement test puts you through a certain number of exercises. After each exercise, you will be asked to answer questions about your ability and the pain you may have experienced while completing the exercise.

to c)

The personalized training program enables you to support the recovery and development of your physical function by constant, target-oriented practice. Every day, you will receive several exercises that are explained by video, as well as information regarding the exercises. After each exercise, we will ask you questions regarding your ability and the pain you may have experienced during the exercise. Answering these questions enables us to tailor your progression path so that each day, the exercises will be adapted based on the answers you provided.

Your answers regarding pain and function after each exercise are voluntarily. However, the program can only conduct a progression of exercises after you provide answers to these questions. Without your answers, the program will remain at the current level of difficulty and cannot be adapted according to the answers you provided.

to d)

The activity, steps and wellbeing journals, which are also voluntarily, enable you to record e.g. your activity (calories burned through activity), your pain development, your quality of life, and possible limitations in everyday life (e.g. on the job, at home and during leisure time), and to track progress over the time. Visualization of the data in the App enables you to better understand your progress and always keep an eye on it.

Technical Data

The technical data we collect informs us about the hard- and software you use to access our App and Website:

Within the App

Platform (e.g., iOS or Android)

Version of the Vivira-App

Manufacturer and model of your device

Version of the operating system of your end device

The so-called „Identifier for Advertising in Apple“ for iOS devices

The so-called „Advertising ID“ for Android devices

In the Web-Browser

Browser-Type

Version of the browser

Manufacturer and model of your device

Data regarding use

The data regarding use that we collect informs us how and how often you use our services:

Within the App

Time and frequency of use of App

Area of App that is used

Duration of use

App-settings used (language settings, notifications)

Feedback-data (incl. email-service)

Location of use, if applicable

Within the web-browser

IP-address

Time and frequency of use of Website

Area of Website that is used

Duration of use

Location of use, if applicable

4. How do we process your data?

We process your health data, technical data and data on use while you are using App and Website.

We will only transfer your data to participating service providers (e.g. doctors and therapists) (“Practitioner”), sponsors (e.g. health insurance or health service) (“Payors”) or other partners that might have provided you with a voucher in form of an activation code, if you’ve given us your consent especially for this purpose

Furthermore, we transfer your data completely anonymized to institutions with whom Vivira is engaged in research cooperation. We are happy to provide you with a list our current research cooperations upon request to service@vivira.com at any time.

For payment processing, we will transfer only such data to Apple and Google that is payment-relevant.

5. For how long do we store your data?

Vivira will save your data for a period of 3 years. The period starts with the completion of your Vivira onboarding and ends after the end of 3 years per the end of the calendar year.

Anonymized data can also be saved for research purposes for an indefinite period.

6. Whom do we transfer your data to?

In general, we will not share your data to third parties, unless we are authorized or obliged by law or you have given your special consent to do so:

With your special consent, we will transfer your data to certain Practitioners, Payors and Partners. In this case, Vivira acts as contract data processor pursuant to article 28 DSGVO and undertakes to comply with the legal regulations regarding data protection and data security.

Furthermore, we transfer your data in a completely anonymized form to institutions with whom Vivira is engaged in research cooperation. We are happy to provide you with a list of all current research cooperation upon request to service@vivira.com at any time.

In the context of use of third-party provider tools described in the section below, your personal data may be transferred to these providers (also to the U.S.). In such cases, we will take appropriate actions to reasonably protect your data at all times. Transfer of data to the U.S. is only made to companies that hold a Privacy Shield certification. Therefore, the data transfer is lawful on the basis of the adequacy decision of the EU-Commission (Art. 45 DSGVO) dated 12 July 2016. For further information go to www.privacyshield.gov.

7. How can you share your data with practitioners?

From the Vivira-App, you yourself can share your health data with a practitioner of your choice and enter into the exchange on the basis of this. In this case, the App creates an overview of your personal health data which you can then send to your practitioner, e.g. by email, text message or printout.

8. Where do we save your data and how do we protect it?

To guarantee maximum safety and smooth functioning of the App, we do not save your data on your device. Your data will merely be stored temporarily in the cache of your device. Your data will be saved on servers of Amazon Web Services („AWS“), our IT service provider in Frankfurt am Main (Germany). They process the data on our account and on the legal basis of article 28 DSGVO. AWS undertakes to comply with all relevant legal regulations regarding data protection and data security.

In case you lose your device or you wish to use Vivira in parallel on several devices, we additionally file an encoded ID that can only communicate with our App on the servers of Apple and Google.

We take precautions for the safety of your data and for preventing any misuse. The App and our server communicate through encoded connections via SSL (Secure Socket Layer) to prevent unauthorized third parties from reading your data.

Our servers and databases are protected by firewalls in order to protect against unwanted access. Our provider AWS is oriented according to ISO 27018, a code of conduct that focuses on the protection of personal data in the cloud.

Please be aware that in certain work relationships it is not permitted to use the internet for private purposes during working hours or from your workplace. Some employers systematically monitor prohibited internet activities in the workplace. Also when connected within other multiple network surroundings, please be aware that there is always a higher risk of unwanted access in such surroundings.

9. Which third-party tools do we use?

Vivira contracts third-party providers for analysis and evaluation services relating to user behavior. We do this to be able to provide the services as described in our terms and conditions and/or constantly improve and develop App and Website further.

A transfer of your data to external service providers takes place only in connection with legally permissible contract data processing.

When data is processed outside the European Union and the European Economic Area, an appropriate data protection level will also be assured by adequate guarantees for the protection of the right of personality and the exercise of related rights. This is assured by legal, technical and organizational measurements and periodical controls that third-party providers fulfill all provisions of the relevant data protection regulations.

We use the following third-party provider tools:

Adjust

For data processing, Vivira uses services to Adjust GmbH, a provider from Germany for Mobile App Tracking and Analytics. Adjust provides App-marketers and -publishers with a solution to stay informed about the performance of their campaigns. The Adjust BI-platform shows understandable and practicable metrics, also on the In-App-behavior of users, e.g., to recognize promising marketing campaigns.

Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we are able to significantly improve App and Website for all users on the basis of the findings from the data we receive from Adjust. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any previously completed data processing remains unaffected by the objection.

Facebook SDK

For data processing, Vivira uses the services of Facebook SDK (Software Developer Kit) of Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; „Facebook“). By means of this integration, we can we can link various Facebook services with the App. This way, we can understand better which of our Facebook campaigns are successful. You can find further information on Facebook SDK here. For iOS: https://developers.facebook.com/docs/ios. For Android: https://developers.facebook.com/docs/android.

Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we are able to significantly better reach users for whom Vivira is of value with the date from Facebook SDK.

You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any previously completed data processing remains unaffected by the objection.

Google Analytics uses so-called „cookies“, text files that are saved on your device and that enable an analysis of your use of the Vivira website. Generally, information about your use of the website produced by the cookies is transferred to and stored on a server of Google located in the US. In case of an activation of the IP-anonymization on the website, Google will shorten your IP address in member states of the European Union and other contracting states of the European Economic Area. Only in exceptional cases will your full IP-Address be transferred to a server of Google located in the US and shortened there. The IP address submitted by your browser within the scope of Google Analytics is not combined with other data from Google. On the request of Vivira, Google will use the data to evaluate your use of the Vivira website and the internet for Vivira. Vivira uses these evaluations to improve the Vivira user experience. This purpose constitutes our legitimate interest in data processing.

Data processing takes place on the basis of article 15, Abs. 3 TMG or respectively article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we are able to significantly improve App and Website for all users with the findings from the data provided by Google Analytics.

You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any previously completed data processing remains unaffected by the objection. Data sent by us and linked to cookies, user names (e.g. user IDs) or advertising IDs are deleted after 14 months. Deletion of data that reached its storage period limit occurs automatically once a month.

For further information regarding Google’s terms of use and privacy statement, please see: https://www.google.com/analytics/ terms/de.html or https://policies.google.com/?hl=de.

You may prevent the saving of cookies by activating a set of your browser software; however, we point out that you might no longer be able to fully use all functions of the Vivira website in this case. You may also prevent the collection of data generated by the cookie and linked to your use of the website (incl. IP-address) by Google as well as the processing of this data by Google, by downloading and installing the respective browser-add-on. Furthermore, Opt-Out-Cookies prevent the future collection of your data during visits to the website. In order to prevent data collection by Universal Analytics on different devices, you need to carry out the opt-out in each system used. You can activate the opt-out cookie by clicking here: Google Analytics deaktivieren

Google DialogFlow

For data processing, Vivira uses services of Google DialogFlow, a dialog-oriented interface for websites, mobile applications, common communication platforms, and IoT devices that enables interaction between users and companies. Google DialogFlow is part of Google’s Google Cloud platform. Chat-interactions on our Website and in our App are transferred to servers of Google DialogFlow located in the U.S. Personal data of our users is however not transferred there. For communication with Google DialogFlow, we exclusively user our own IP-Address.

Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we’re able to significantly improve the user experience of App and Website by using Google DialogFlow. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any completed data processing remains unaffected from the objection.

Mixpanel

For data processing, Vivira uses services of Mixpanel Inc., a provider from the U.S. that protocols page views and page activity during App use. On this occasion, user data is transferred to Mixpanel (and Mixpanel, Inc.) in the U.S.

Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we can significantly improve Vivira for all our users on the basis of findings from data created by Mixpanel. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any completed data processing remains unaffected from the objection.

Segment

For data processing, Vivira uses services of Segment.io, Inc., a provider from the U.S. Segment enables the analysis of user data on mobile devices and in the internet and enables its transfer to third-party provider tools used by Vivira, e.g. for data analysis, marketing or data warehousing.

Data processing takes place on the basis of article 6 Abs. 1 lit. f DSGVO (“legitimate interests”). We assume a legitimate interest as we can significantly improve Vivira for all our users on the basis of findings from data created by Segment. You may object to the data processing at any time by proceeding as described in section 10 of this privacy statement and deleting your data. The lawfulness of any completed data processing remains unaffected from the objection.

10. How can you delete your data that has been stored by Vivira?

We are subject to statutory storage periods concerning your data, see section 5 of this privacy statement. While observing these, you have the right to delete your personal data by initiating deletion of your data and/ or your user account on the “More”-page in the Vivira App by using the applicable function. Thereby, all your personal data is deleted irrevocably from our database and will be archived in accordance with statutory storage requirements. From that moment onwards data will no longer be available to you. In case you initiated the deletion of your user account, your data will likewise be deleted and archived. In this case, Vivira will no longer be able to create any reference to your account and accordingly, e.g., will no longer be able to reproduce if you were a Vivira Premium user. Storage of anonymized data for research purposes remains unaffected by the deletion of your user account.

In case the deletion conflicts with other statutory, contractual, tax-based, or commercially-based storage requirements or other legislative reasons, your account may not be deleted but merely closed.

11. How can you access your data?

You have the right to information regarding your personal data stored with us. In case your personal data is stored at Vivira, we are happy to provide you with a copy of such data upon request to service@vivira.com. This includes information about the purpose of use, a category of data used, recipient, and accessor, as well as period of data storage planned as well as criteria for determination of this period if possible.

12. Which other user right do you have?

As user of our services, you may have, depending on certain conditions, the following data protection rights:

Correction, deletion or limitation of processing

We are amenable to statutory storage periods concerning your data, see section 5 of this privacy statement, in the context of which you have the right to request correction, deletion or limitation of processing of your personal data, if e.g.

a) data is incomplete or incorrect, b) it is not required any longer for the purpose it had been collected for, c) the consent, on which the processing was based, has been revoked, or d) you have successfully executed your right to object to the data processing.

In cases in which the data is processed by a third party, your request for correction, deletion or limitation of the processing will be transferred to such third party, except if this turns out to be impossible or involves an unreasonable amount of effort.

Limitations in processing your personal data initiated by you may have the consequence that Vivira is no longer able to perform its services as described in its terms and conditions.

Objection to processing

You have the right object to the processing of your personal data through Vivira for reasons that arise from your special situation or by revoking your consent.

Transferability of your data

You have the right to receive in a structured, common and machine-readable form all personal data related to you that is stored with us and to transfer this data to a third party without obstructions from our side; you may also request that we transfer personal data directly to a third party, insofar as this is technically feasible.

Refusal and objection of consent

You may refuse your consent or – without any consequences to the lawfulness of data processing that took place before the revocation – to revoke your consent to the processing of your personal data at any time. The refusal to consent to a process of your personal data when initiated by yourself may have the consequence that Vivira is not able to perform its services as described in its terms and conditions anymore.

Right of appeal

You have the right to communicate with the data protection supervisory authority and to complain to them where appropriate.

13. What happens in case of an amendment of this privacy statement?

We reserve the right to amend this privacy statement under consideration of statutory data protection requirements. You can find the respective current version here or at another place on App and Website where it can be found easily.

In case of questions, suggestions or comments on the subject of data protection, you are welcome to contact our data protection officer: Mike Peter, mpP Group, yourprivacyfirst; expert for data protection; Email: hello@yourprivacyfirst.de.